Secure Coding mailing list archives
InformIT: comparing static analysis tools
From: Gary McGraw <gem () cigital com>
Date: Wed, 2 Feb 2011 09:48:44 -0500
hi sc-l, John Steven and I recently collaborated on an article for informIT. The article is called "Software [In]security: Comparing Apples, Oranges, and Aardvarks (or, All Static Analysis Tools Are Not Created Equal)" and is available here: http://www.informit.com/articles/article.aspx?p=1680863 Now that static analysis tools like Fortify and Ounce are hitting the mainstream there are many potential customers who want to compare them and pick the best one. We explain why that's more difficult than it sounds at first and what to watch out for as you begin to compare tools. We did this in order to get out in front of "test suites" that purport to work for tool comparison. If you wonder why such suites may not work as advertised, read the article. Your feedback is welcome. gem company www.cigital.com podcast www.cigital.com/silverbullet blog www.cigital.com/justiceleague book www.swsec.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- InformIT: comparing static analysis tools Gary McGraw (Feb 02)
- Re: InformIT: comparing static analysis tools Jim Manico (Feb 03)
- Re: InformIT: comparing static analysis tools Chris Wysopal (Feb 03)
- Re: InformIT: comparing static analysis tools Jim Manico (Feb 03)
- Re: InformIT: comparing static analysis tools Steven M. Christey (Feb 04)
- Re: InformIT: comparing static analysis tools Ben Laurie (Feb 04)
- Re: InformIT: comparing static analysis tools Chris Wysopal (Feb 04)
- Re: InformIT: comparing static analysis tools Ben Laurie (Feb 04)
- Re: InformIT: comparing static analysis tools Prasad N Shenoy (Feb 04)
- Re: InformIT: comparing static analysis tools Arian J. Evans (Feb 04)
- Re: InformIT: comparing static analysis tools Jim Manico (Feb 03)
- Re: InformIT: comparing static analysis tools Chris Wysopal (Feb 04)